<?php 
	//session_start();
	include('header.php'); 
?>

<!doctype>
<!DOCTYPE html>
<html>
<head>
	<title>Verify Customer Login</title>
</head>
<body>
<div class="container">
	<?php
		
			//$email = $_POST["email"];
			//$password = $_POST["password"];

			$errors = 0;
			$DBConnect = @mysql_connect("localhost", "root","");

			if ($DBConnect === FALSE){
				echo "<p>Unable to connect to the database server. " .
					"Error code " . mysql_errno() . ": " .
					mysql_error() . "</p>\n";
					++$errors;
			}
			else{
				$DBName = "online_stores";
				$result = @mysql_select_db($DBName, $DBConnect);

				if ($result === FALSE){
					echo "<p>Unable to select the database. " .
					"Error code " . mysql_errno($DBConnect) .
					": " . mysql_error($DBConnect) .
					"</p>\n";
					++$errors;
				}
			}
/*===== verify that the email address & password entered are in the customer table  ===========*/

		$TableName = "customer";
		if ($errors == 0) {
		   $SQLstring = "SELECT customerID, firstName, lastName FROM $TableName WHERE email ='".stripslashes($_POST['email']).
		   	"' and password_md5 = '".md5(stripslashes($_POST['password']))."'";
					$QueryResult = @mysql_query($SQLstring, $DBConnect);
					if (mysql_num_rows($QueryResult)==0) {
						echo "<p>The e-mail address/password " .
						" combination entered is not valid.</p>\n";
						++$errors;
					}
					else {
						$Row = mysql_fetch_assoc($QueryResult);
						$CustomerID = $Row['customerID'];
						$CustomerName = $Row['firstName'] . " " . $Row['lastName'];
						//$address = $Row['address'];
						//echo "<p>Welcome back, $customerName!</p>\n";

					}
		}

		//if ther are no error
		if ($errors > 0){
			echo "<p>Please use your browser's BACK button to return ".
			" to the form and fix the errors indicated.</p>\n";
			echo "<p>Or, please register if you have not!<p>";
			header("Location: login.php");
		}

		if ($errors == 0) 
		{
			/*echo "<form method='post' " .
			  " action='index.php'>\n";

			  echo "<input type='hidden' name='customerID' " .
			  " value='$CustomerID'>\n";
			  echo "<input type='submit' name='submit' " .
			  " value='Continue shopping...'>\n";

			  echo "</form>\n";*/
			  $_SESSION['customerID'] = $CustomerID;
			  header("Location: index.php");
			  exit(); 
		}

?>
	
		<?php include('main.php'); ?>
</div>
</body>
</html>

<?php include('footer.php'); ?>